594 lines
26 KiB
JSON
594 lines
26 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--57721a0d-8c48-47a5-86d4-458c950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:24.000Z",
|
||
|
"modified": "2016-06-28T06:34:24.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--57721a0d-8c48-47a5-86d4-458c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:24.000Z",
|
||
|
"modified": "2016-06-28T06:34:24.000Z",
|
||
|
"name": "OSINT - Retefe banking Trojan targets UK banking customers",
|
||
|
"published": "2016-06-28T06:42:05Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--57721a2f-3864-4f37-88e8-46c0950d210f",
|
||
|
"url--57721a2f-3864-4f37-88e8-46c0950d210f",
|
||
|
"x-misp-attribute--57721a3c-bdd0-41bf-ae29-3123950d210f",
|
||
|
"indicator--57721a50-b25c-4600-bd64-4006950d210f",
|
||
|
"indicator--57721a50-8f34-4fcb-a230-41f8950d210f",
|
||
|
"indicator--57721a51-d678-4635-ba54-4a05950d210f",
|
||
|
"indicator--57721a51-c894-4204-b97a-42d3950d210f",
|
||
|
"indicator--57721a51-d128-477b-87b7-424b950d210f",
|
||
|
"indicator--57721a70-f550-4837-bc33-4a5702de0b81",
|
||
|
"indicator--57721a70-21a0-4c15-b801-4e7a02de0b81",
|
||
|
"observed-data--57721a70-a080-4624-98c4-4a6802de0b81",
|
||
|
"url--57721a70-a080-4624-98c4-4a6802de0b81",
|
||
|
"indicator--57721a70-1cbc-49d4-bb6e-4e8502de0b81",
|
||
|
"indicator--57721a70-16a8-4552-b021-47c002de0b81",
|
||
|
"observed-data--57721a71-d084-4252-87e9-49a202de0b81",
|
||
|
"url--57721a71-d084-4252-87e9-49a202de0b81",
|
||
|
"indicator--57721a71-b714-42be-83f2-462d02de0b81",
|
||
|
"indicator--57721a71-6770-4209-8c97-49db02de0b81",
|
||
|
"observed-data--57721a71-90fc-42ad-a4c1-405d02de0b81",
|
||
|
"url--57721a71-90fc-42ad-a4c1-405d02de0b81",
|
||
|
"indicator--57721a71-50fc-48c9-b413-4f2a02de0b81",
|
||
|
"indicator--57721a72-7c60-481b-a0dc-40be02de0b81",
|
||
|
"observed-data--57721a72-bacc-4de5-abb1-459802de0b81",
|
||
|
"url--57721a72-bacc-4de5-abb1-459802de0b81",
|
||
|
"indicator--57721a72-bc3c-4515-af66-402702de0b81",
|
||
|
"indicator--57721a72-e328-43ca-8f9d-435502de0b81",
|
||
|
"observed-data--57721a72-acd4-48da-9114-4bbd02de0b81",
|
||
|
"url--57721a72-acd4-48da-9114-4bbd02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"circl:topic=\"finance\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57721a2f-3864-4f37-88e8-46c0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:33:19.000Z",
|
||
|
"modified": "2016-06-28T06:33:19.000Z",
|
||
|
"first_observed": "2016-06-28T06:33:19Z",
|
||
|
"last_observed": "2016-06-28T06:33:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57721a2f-3864-4f37-88e8-46c0950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57721a2f-3864-4f37-88e8-46c0950d210f",
|
||
|
"value": "https://blog.avast.com/retefe-banking-trojan-targets-uk-banking-customers"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--57721a3c-bdd0-41bf-ae29-3123950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:33:32.000Z",
|
||
|
"modified": "2016-06-28T06:33:32.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "The Retefe banking Trojan has been around for some time, targeting Sweden, Switzerland and Japan, as previously reported by Paloalto Research.\r\nWe recently noticed Retefe campaigns targeting UK banking customers. Using fake certificates, the Trojan is designed to trick victims into giving up their login credentials and other sensitive information.\r\n\r\nAt first, the victim receives a document with an embedded malicious JavaScript file per email. The document contains a very small image with a note asking the user to double click on it to view it better. After double clicking, the malicious embedded JavaScript is executed. The document has a notice message in German, however, the Trojan banker is targeting users in UK."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a50-b25c-4600-bd64-4006950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:33:52.000Z",
|
||
|
"modified": "2016-06-28T06:33:52.000Z",
|
||
|
"description": "Sample",
|
||
|
"pattern": "[file:hashes.SHA256 = '0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:33:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a50-8f34-4fcb-a230-41f8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:33:52.000Z",
|
||
|
"modified": "2016-06-28T06:33:52.000Z",
|
||
|
"description": "Sample",
|
||
|
"pattern": "[file:hashes.SHA256 = '1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:33:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a51-d678-4635-ba54-4a05950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:33:53.000Z",
|
||
|
"modified": "2016-06-28T06:33:53.000Z",
|
||
|
"description": "Sample",
|
||
|
"pattern": "[file:hashes.SHA256 = '50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:33:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a51-c894-4204-b97a-42d3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:33:53.000Z",
|
||
|
"modified": "2016-06-28T06:33:53.000Z",
|
||
|
"description": "Sample",
|
||
|
"pattern": "[file:hashes.SHA256 = '5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:33:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a51-d128-477b-87b7-424b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:33:53.000Z",
|
||
|
"modified": "2016-06-28T06:33:53.000Z",
|
||
|
"description": "Sample",
|
||
|
"pattern": "[file:hashes.SHA256 = '629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:33:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a70-f550-4837-bc33-4a5702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:24.000Z",
|
||
|
"modified": "2016-06-28T06:34:24.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f4d48a8d9447de0f3e318b6c739d8a640134db8e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a70-21a0-4c15-b801-4e7a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:24.000Z",
|
||
|
"modified": "2016-06-28T06:34:24.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd",
|
||
|
"pattern": "[file:hashes.MD5 = '1765232a9fd904d90ac7674a624669b0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57721a70-a080-4624-98c4-4a6802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:24.000Z",
|
||
|
"modified": "2016-06-28T06:34:24.000Z",
|
||
|
"first_observed": "2016-06-28T06:34:24Z",
|
||
|
"last_observed": "2016-06-28T06:34:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57721a70-a080-4624-98c4-4a6802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57721a70-a080-4624-98c4-4a6802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/629db885c944187dd0a71715c7fef929e38f1927bc19182122ea1b594397a9bd/analysis/1467090128/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a70-1cbc-49d4-bb6e-4e8502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:24.000Z",
|
||
|
"modified": "2016-06-28T06:34:24.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856",
|
||
|
"pattern": "[file:hashes.SHA1 = '752e5d5f5443f21278afe32b4b556c88d9ad7d05']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a70-16a8-4552-b021-47c002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:24.000Z",
|
||
|
"modified": "2016-06-28T06:34:24.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856",
|
||
|
"pattern": "[file:hashes.MD5 = '4c42b28d75f3939b5a58631c090dceb1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57721a71-d084-4252-87e9-49a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:25.000Z",
|
||
|
"modified": "2016-06-28T06:34:25.000Z",
|
||
|
"first_observed": "2016-06-28T06:34:25Z",
|
||
|
"last_observed": "2016-06-28T06:34:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57721a71-d084-4252-87e9-49a202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57721a71-d084-4252-87e9-49a202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5a578ccb2b1051273222359bf4ca18b8788df8f98a70cb0a8a354029ad7a9856/analysis/1467090124/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a71-b714-42be-83f2-462d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:25.000Z",
|
||
|
"modified": "2016-06-28T06:34:25.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e35cff87fec389a90bfe287aaa927fd7342977c7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a71-6770-4209-8c97-49db02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:25.000Z",
|
||
|
"modified": "2016-06-28T06:34:25.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052",
|
||
|
"pattern": "[file:hashes.MD5 = 'dcfb8e42173746bb97436782b6b644bd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57721a71-90fc-42ad-a4c1-405d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:25.000Z",
|
||
|
"modified": "2016-06-28T06:34:25.000Z",
|
||
|
"first_observed": "2016-06-28T06:34:25Z",
|
||
|
"last_observed": "2016-06-28T06:34:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57721a71-90fc-42ad-a4c1-405d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57721a71-90fc-42ad-a4c1-405d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/50f729589fa850ade5834dd7fcd5f354f35b4515c8ecabbff91de3ceb45de052/analysis/1467090120/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a71-50fc-48c9-b413-4f2a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:25.000Z",
|
||
|
"modified": "2016-06-28T06:34:25.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54",
|
||
|
"pattern": "[file:hashes.SHA1 = '2713fd96a36f08e14fcea92fe455bcbb4f752e91']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a72-7c60-481b-a0dc-40be02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:26.000Z",
|
||
|
"modified": "2016-06-28T06:34:26.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54",
|
||
|
"pattern": "[file:hashes.MD5 = '1c73db1b06b2b0967a33b39267972126']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57721a72-bacc-4de5-abb1-459802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:26.000Z",
|
||
|
"modified": "2016-06-28T06:34:26.000Z",
|
||
|
"first_observed": "2016-06-28T06:34:26Z",
|
||
|
"last_observed": "2016-06-28T06:34:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57721a72-bacc-4de5-abb1-459802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57721a72-bacc-4de5-abb1-459802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1166ce980f783c5ba18fd1904e00350dd3d25c19e64674816a1b35da4319ae54/analysis/1467090115/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a72-bc3c-4515-af66-402702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:26.000Z",
|
||
|
"modified": "2016-06-28T06:34:26.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a7057daba35ecd78876900a4212f2f5d03df1edb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57721a72-e328-43ca-8f9d-435502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:26.000Z",
|
||
|
"modified": "2016-06-28T06:34:26.000Z",
|
||
|
"description": "Sample - Xchecked via VT: 0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca",
|
||
|
"pattern": "[file:hashes.MD5 = 'bf00ad68411fcd868d71c6bd6812f3df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-06-28T06:34:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57721a72-acd4-48da-9114-4bbd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-06-28T06:34:26.000Z",
|
||
|
"modified": "2016-06-28T06:34:26.000Z",
|
||
|
"first_observed": "2016-06-28T06:34:26Z",
|
||
|
"last_observed": "2016-06-28T06:34:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57721a72-acd4-48da-9114-4bbd02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57721a72-acd4-48da-9114-4bbd02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0cf2c0165cdc3962ad8c3ac27258fdab4dcecb7121ba97856b66d22fd77aefca/analysis/1467090112/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|